Forum OpenACS Q&A: Re: OpenACS Docker Email configuration

Collapse
7: Re: OpenACS Docker Email configuration (response to 1)
Posted by Gustaf Neumann on 01/12/26 11:22 AM

Hi Tyge,

here a short recipe for using the oacs-db-inclusive container with mail-relay:

1) In the OpenACS package parameter for acs-mail-lite set the following parameters

EmailDeliveryMode nssmtpd
SMTPPort 2525

2) Use the following extended docker-config file:

# SPDX-License-Identifier: MPL-2.0
#
# oacs-db-inclusive example
#
# Runs:
#   - openacs (includes nsd + OpenACS code)
#   - postgres (local db)
#
# Works without any environment variables.
#
# Stack-level parameters (optional):
#   TZ                 default: Europe/Vienna
#   hostname           default: localhost      (OpenACS hostname)
#
#   ipaddress          default: 127.0.0.1      (host bind for IPv4)
#   ipv6address        default: ::1            (host bind for IPv6)
#   httpport           default: (empty)        (random host port -> container 8080)
#   httpsport          default: (empty)        (random host port -> container 8443)
#
#   nsdconfig          default: /usr/local/ns/conf/openacs-config.tcl
#
#   db_name            default: oacs-5-10
#   db_user            default: openacs
#   db_host            default: postgres
#   db_port            default: 5432
#
#   system_pkgs         default: imagemagick poppler-utils  (load these as extra apt packages at startup)
#
# Tailoring:
#   - To use a host secrets directory: replace oacs_secrets volume with ./secrets:/run/secrets:ro
#   - To use custom OpenACS config: bind-mount openacs-config.tcl to /usr/local/ns/conf/openacs-config.tcl
#   - For IPv6 bindings: use docker-compose.ipv6.yml override
#

x-default-env: &default-env
  TZ: Europe/Vienna

x-db-env: &db-env
  oacs_db_name: ${db_name:-oacs-5-10}
  oacs_db_user: ${db_user:-openacs}
  oacs_db_host: ${db_host:-postgres}
  oacs_db_port: ${db_port:-5432}
  oacs_db_passwordfile: /run/secrets/psql_password

services:
  openacs:
    image: gustafn/openacs:latest
    restart: unless-stopped
    hostname: ${hostname}
    depends_on:
      - postgres
    command: >
      /bin/sh -c "
        . /scripts/container-setup-openacs.sh \\
        && /usr/local/ns/bin/nsd -i -t $${nsdconfig:-/usr/local/ns/conf/openacs-config.tcl} -u nsadmin -g nsadmin
      "
    volumes:
      # The following volumes can be named (default) or host paths.
      # If it is a host path: must exist/ be writable.
      - ${hostroot:-oacs_data}:/var/www/openacs
      - ${secretsdir:-oacs_secrets}:/run/secrets
      - ${certificatesdir:-oacs_certificates}:/var/lib/naviserver/certificates
      - ${logdir:-oacs_log}:/var/www/openacs/log

      - /var/run/docker.sock:/var/run/docker.sock

    ports:
      # Provide IP address and ports for your application if needed.
      # By default, the local IP address and an ephemeral port are used.
      - ${ipaddress:-127.0.0.1}:${httpport:-}:8080
      - ${ipaddress:-127.0.0.1}:${httpsport:-}:8443
      # Examples for using (additionally) IPv6 addresses for HTTP and HTTPS
      #- ${ipv6address:-::1}:${httpport:-}:8080
      #- ${ipv6address:-::1}:${httpsport:-}:8443

    healthcheck:
        test: ["CMD-SHELL", "curl -s -H \"Host: localhost\" -f http://localhost:8080/SYSTEM/success.tcl || exit 1"]
        interval: 10s
        timeout: 5s
        retries: 5

    environment:
      <<:
        - *default-env
        - *db-env
      LD_PRELOAD: ${LD_PRELOAD:-}
      oacs_httpport: 8080
      oacs_httpsport: 8443
      oacs_smtpdport: 2525
      oacs_smtprelay: plain://mail-relay:25
      oacs_ipaddress: "::"
      oacs_loopbackport: ${internal_loopbackport:-8888}
      oacs_hostname: ${hostname:-localhost}
      oacs_serverroot: /var/www/openacs
      oacs_certificate: ""      # computed via container setup script
      oacs_logdir: /var/www/openacs/log
      oacs_tag: ${oacs_tag:-oacs-5-10}
      oacs_clusterSecret: ${clusterSecret:-}
      oacs_parameterSecret: ${parameterSecret:-}
      system_pkgs: ${system_pkgs:-imagemagick poppler-utils}

  postgres:
    image: postgres:18
    hostname: postgres
    restart: unless-stopped
    #user: postgres

    environment:
      <<: *default-env
      POSTGRES_PASSWORD_FILE: /run/secrets/psql_password
      POSTGRES_USER: ${db_user:-openacs}
      POSTGRES_DB: ${db_name:-oacs-5-10}

    volumes:
      - db_data:/var/lib/postgresql
      - ${secretsdir:-oacs_secrets}:/run/secrets
      - ${certificatesdir:-oacs_certificates}:/var/lib/naviserver/certificates

    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${db_user:-openacs} --dbname ${db_name:-oacs-5-10}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # ------------------------------------------------------------------
  #  mail relay
  # ------------------------------------------------------------------
  mail-relay:
    image: gustafn/mail-relay:latest
    container_name: mail-relay
    hostname: smtpd.${hostname}
    restart: unless-stopped

    environment:
      <<: *default-env
      # Use the managed certificate store (same as OpenACS uses)
      POSTFIX_MYORIGIN: localhost
      POSTFIX_TLS_CERT_FILE: /var/lib/naviserver/certificates/${hostname}.pem

    volumes:
      - ${logdir:-oacs_log}:/var/log
      - ${certificatesdir:-oacs_certificates}:/var/lib/naviserver/certificates:ro

volumes:
  db_data:
  oacs_data:
  oacs_log:
  oacs_secrets:
  oacs_certificates:

The changes relative to the version [oacs-db-inclusive](https://github.com/gustafn/docker-ns/blob/main/examples/oacs-db-inclusive]:

  • openacscontainer: setting hostname, oacs_smtpdport and oacs_smtprelay
  • adding the mail-relay container

3) important: setting the environment/stack variable hostname, since the docker-confg file references i.

We could probably simplify further (e.g. overriding the mail delivery mode, when the nssmtpd module is configured), but that might lead to bad interactions for some people.

Hope this helps! All the best
-g